Collaborate Disseminate
On my system (Ubuntu 22.04) I have encrypted my private key with a passphrase and added it to the ssh agent with ssh-add.
On use of the key, I am prompted with the option "Automatically unlock this key whenever I’m logged in".
In… Continue reading Auto-unlock private key: which implications?
in the documentation of Ubuntu ssh keys, I was surprised to read
"If your RSA key has a strong passphrase, it might take your attacker a few hours to guess by brute force.".
Really? A good pseudorandom passphrase with enough le… Continue reading How resiliant is a private key passphase to brute force attacks?
We start sshd using xinetd on our gateway. Here is the xinetd config file:
service ssh
{
instances = 10
socket_type = stream
wait = no
user = root
protocol = tcp
server … Continue reading sshd won’t start from xinetd in OpenSSH 9.8p1 [migrated]
A second remote code execution vulnerability, tracked as CVE-2024-6409, was found in OpenSSH during an analysis of the regreSSHion flaw.
The post Microsoft Says Windows Not Impacted by regreSSHion as Second OpenSSH Bug Is Found appeared first on Securi… Continue reading Microsoft Says Windows Not Impacted by regreSSHion as Second OpenSSH Bug Is Found
The ssh-keygen command to generate the pair of keys files can use the -t option. According to Ubuntu Noble’s man ssh-keygen for the mentioned option, it indicates:
-t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
Specifi… Continue reading OpenSSH 9.6p1: What is the best key type for the ssh-keygen command through the -t option?
The critical OpenSSH vulnerability tracked as regreSSHion and CVE-2024-6387 may already be targeted by attackers, but mass exploitation is unlikely.
The post regreSSHion OpenSSH Flaw: Potential Exploitation Attempts Seen, but Mass Attacks Unlikely appe… Continue reading regreSSHion OpenSSH Flaw: Potential Exploitation Attempts Seen, but Mass Attacks Unlikely
The OpenSSH bug represents the latest high-profile vulnerability to affect the open-source software ecosystem.
The post Researchers uncover rare, difficult-to-exploit OpenSSH vulnerability appeared first on CyberScoop.
Continue reading Researchers uncover rare, difficult-to-exploit OpenSSH vulnerability
A critical vulnerability in OpenSSH (regreSSHion) allows attackers full access to servers! Millions at risk. Learn how to… Continue reading regreSSHion: Critical Vulnerability in OpenSSH Exposes Millions of Servers
Millions of OpenSSH servers could be vulnerable to unauthenticated remote code execution due to a vulnerability tracked as regreSSHion and CVE-2024-6387.
The post Millions of OpenSSH Servers Potentially Vulnerable to Remote regreSSHion Attack appeared … Continue reading Millions of OpenSSH Servers Potentially Vulnerable to Remote regreSSHion Attack
Here’s a hot topic:
https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
https://lwn.net/Articles/967180/
https://lwn.net/ml/oss-security/20240329155126.kjjfduxw2yrlxgzm@awork3.anarazel.de/
I’m not an expert i… Continue reading XZ compromise and consequences for people having used it